Inject C# In Any .NET App With This Secret Entry Point
Vložit
- čas přidán 1. 01. 2023
- Join the NDC Conferences Giveaway: mailchi.mp/nickchapsas/ndc
Check out my courses: dometrain.com
Become a Patreon and get source code access: / nickchapsas
Hello everybody I'm Nick and in this video I will show you a .NET feature that very few people know, called startup hooks. Startup hooks allow you to inject .NET code into your application and have it run as part of your app's process without having to build it with the application every time.
Workshops: bit.ly/nickworkshops
Don't forget to comment, like and subscribe :)
Social Media:
Follow me on GitHub: bit.ly/ChapsasGitHub
Follow me on Twitter: bit.ly/ChapsasTwitter
Connect on LinkedIn: bit.ly/ChapsasLinkedIn
Keep coding merch: keepcoding.shop
#csharp #dotnet
Not sure that this one is for me. I always try to maximize obvious-ness in my code so that the next programmer (or the future me) will have an easy time understanding it. Launching a block of code through an environment variable value is very cool, but way too magical for what I value which is obvious-ness. Comments could help, but I've met many junior programmers who are too proud or lazy to read the comments. I will however start logging the value of that environment variable in my startup code, just in case some other member on my team doesn't share my aversion to magic. Thanks for another great video!
It’s so cool to see stuff like this! I remember many moons ago I created a way of loading other assemblies with WebForms into my main WebForms project. We had some huge forms with many files that all had same structure so I created a project template for it and the main project would load it dynamically using virtual routes. It was kind of a reflection hell and I don’t remember how I even did it, but it felt so good when it worked!
I was waiting for something like this!! Don't shy out to make more content like this!
This feature while cool, it seems to me like a malware paradise. A malware can use it to hide itself from Task Manager, operating from inside random non-malware processes. Also it can read everything including passwords and encryption keys from within the process.
Great content, as usual!
And regarding the workshops, I am very happy to see you're coming to Iași, a beautiful city in Romania. Actually it is the former capital of Romania and the 2nd largest in the country, with a big community in IT industry.
This is why I believe it deserves to be mentioned in your announcements, next to "dotnetdays", the same as all the other more known cities.
Very cool, this will definitily come in handy. I knew about the assembly resolver, but not so much about the hooking.
Also i didn´t knew that you could redirect the console logging like that - i like that. Thanks for sharing.
Great video - I can see some fun and very interesting uses for this. Thanks for the video
So I've always poked around dotnet (around version 3) and really loved the syntax and especially love powershell.
But since I discovered your channel, I've moved from casual programmer, to whatever the next level is. Coinciding with my new obsession with microcontrollers, you've really just made what would have been an insane amount of hours of staring at code a much smoother process. Like, you make advanced stuff digestable.
Thank you!!
Never seen this before, thank you for showing this to us.
Thank you for the vid. I'll definitely try the feature.
you know what?
I never understand your videos but watch like crazy.
I wish to be a developer like you.
Love and peace from Afghanistan.
I love how this is available, and it seems mature enough for most scenarios that involve basic application intermediation like status and health logging. Most other purposes would be better to directly include in the source project that is being hooked.
That being said I wonder, is that functionality abstracted anywhere? I believe that there's a lot of boilerplate just to get some key parts of the hook running like the assembly context loader
Great content, as always! Could you do a video about plug-ins? I am interested if it's possible to deploy custom logic to client apps as optional libraries.
Wauw, I did not know this. Great content.
Very cool, never realized it had been around so long.
Did not know about this. Very surprising!
Interesting! Never heard of this feature before
Heck I am going to fetch my metrics and push it to elastic. Even from my legacy projects. Incredible!
4:20 I see absoloutly no malicious use cases for this feature 👍👍
Looks great, thanks
Nick, Happy New Year! Thank you for great explanation as always. I want to ask, If I could use IApplicationLifetime service instead of this approach, subscribing to it events ApplicationStart, ApplicationEnd? And what is the difference?
i've done this before, you can also use c# compiler to generate assembly directly to memory and execute it from there, therefore you could run c# code (not dll) directly from your application
Back to the old days of AssemblyResolver, I used it for dynamic web-service generation and loading in the ASMX days :)
Hey Nick, this is great, I will be using this, so thanks so much for the introduction to this approach, I think it is very cool, however.... Hot Reload? Is this one of the limitations that you mentioned/hinted towards the end of the video?
Slightly off topic,but also related: I have a Blazor WASM project that I've been working on that uses 'AdditionalAssemblies' and hot reload has never worked for me, so I'm curious that if you have figured out or know that this works with Hot Reload, that perhaps I'll be able to figure out a way to get my Blazor app to work with hot reload too.
p.s. I have been asking for help on Microsoft forums/posts/github but nothing helpful as of yet...
I wish I knew this existed before. I have been loading libraries using an interface and reflection. And pointing to the dll from appsettings
I'm happy to know how hooks works. And also hapy that probably I'll never use it. The fact that you can't use nuget packages installed dirctly into the hook library is a serious disadvantage. For me hooks are relatated to the platform infrastucture. And from architectural point of view if I'm not required to use it I'll just not use it or at least not with hooks.
Hi, i love your videos. I have two questions:
- If i want to prevent code injection by this way, can i clean environment variable at Program?
- What's happen if hook throw a exception? The entire application will shutdown?
Thank you!
Thanks
has there ever been a video on PipeReaders/pipelines, Channels, SequenceReader, this kind of stuff? maybe there was one on ArrayPool/MemoryPool
I have been writing dotnet code for a really really long time and had no idea about this. This is pretty awesome!!
Is there any official dotnet docs on this feature?
So it's a sort of plugin architecture that has only one hook but it's available in any .NET application. Would be cool to see this generalised to simplify adding plugins !
Didt know. But interesting)) thnx
.net framework was comparatively safe when it comes to vulnerabilities and RCE. This one feature will turn that around for sure. its only time before this feature becomes the Achilles heel for dotnet core.
Apparently, this has been around since .NET 2.0 or so
I ussualy set 1,5x speed codding videos on youtube but i dont need while i watching yours :)
Reminds me a bit of Module Initializers.
You seem to be enjoying good performance. Could you describe your hardware setup?
Hi Nick thanks for this great video. A question: is the text writer example at the end thread safe? I see that text writer has a wrapper called Synchronized that is thread safe. And not sure of the performance. thanks.
its so cool!
Approved
You can take this one step further and inject services at application startup. Dotnet uses this in their SpaProxy nuget package. You can see it in action by creating a new React web app template.
Crazy 😱
Useful hook. I would use it! Only problem is the magic.. but for debug stuff it's worth it. A little limited in the classical ms way, but still cool.
I have made a similar thing with events, where I would have static events, construct a class in the program level, which would bind its member methods to the events. When ever any part of the app needed to use it they would just invoke it. I didn't need to keep it as a member any where, in fact I discarded it when new-ing.
But this hook is probably better, since app code didn't have to explicitly call it from what I gathered?
Thanks for quality contents Nick. I have a completely unrelated query. As I see your terminal screen gives information about current branch name ...etc. I wonder how can I get same functionality ? ( OS : windows )
Thanks
It looks like Oh My Posh running inside Windows Terminal.
Thanks @richtea43
For those doing this with Visual Studio; is there any way to stop VS from publishing to Nuget Package? In .NET Framework, it used to just dump the deployed output to the publish folder, but now it wraps it all as a Nuget Pacakge automatically. I can't find any way to make it stop. I don't want a Nuget Package; I just want a DLL file.
I see one use-case: in CI pipeline run all the tests with different cultures (set it in the hook from an environment variable) [side note: you can do this in .NET Framework as well by using IL weaving tools out there]. IMO there is very little reason to use this technique for code you control.
IL weaving is something I'd really like to see him create a video on.
Yep, that is an interesting use case. However, I prefer to use parametrized tests and only those depending on culture will receive that culture as a parameter. This is more efficient, since you run the test suite once, and use the test framework's (NUnit in my case) test parametrization features. A better use-case for tests IMO is to perform test report aggregation -- if your tests output generic data that needs to be reported, the hook can transform that data into whatever your test reporting tools (eg. Allure) would prefer. This may help you swtich test report providers without rewriting all your tests, just use separate hooks
isn't this security risk? just with env variable you can run any code on any .net app start/finish?
It’s only a "risk" if you can’t trust where you run your app. If your app runs on something you don’t trust, anyone can do anything with your app beyond just injecting code
I agree. How do we prevent this execution?
As far I I could see this is only running something on the side, it's not directly integrating with the running app but intercepts things that are already somehow interceptable.. @Nick correct me If I am wrong but the DLL can't directly interact with the code in the running app.
I think this is most useful for modding 3rd party softwares
I thought there would be a new course this december 😔
Never heard of this feature
So some infrastructure type of developer can significantly change running systems simply by deploying a new DLL. If it breaks everything is broken? If it performs badly we slowed the whole company down? Interesting but very dangerous. There's no contract with the developer to upgrade based on semantic version as with packages. I see huge nightmares ahead.
Games written in Unity that have no official MOD support, often get their 3rd party mods through things like this.
This feature is very interesting!!! But may it could be a vulnerability? If I understood, this allow us to inject any dotnet DLL justing using a enviroment variable, incliding a DLL capable to access the restrict application data, am i right?
How could it be a vulnability? It requires the environment you are running on to be compromised. If your runtime environment is unsecure, anyone can inject anything no matter what
@@nickchapsas it makes sense, thanks 😋
Hi Nick
Could you please publish examples of code
Code is available to my patreons
Can you share the terminl setup?
I think that's just Rider.
This does not seem to work for a WinUI 3 desktop app packaged with Msix - the environment variable is null... any thoughts, anyone? (Works if commandName is set to Project in the launchSettings.json file)
Do you know if setting the ProcessExit event handler in the startup hook will overwrite a potential ProcessExit event handler that would have been set in the application? Or will both event handlers run?
It doesn't overwrite it, no. Both will fire
Huh, what if you combine your dependencies into the hook assembly?
Wouldn't that mean that it won't need the weird create instance thing you did?
By combine I mean using a tool that takes in multiple DLLs and outputs a single DLL
Does this also work with an already compiled .NET application?
Yeap
Hello Nick, I got a question!
Now I'm calling an api using IHttpClientFactory and the api returned for me 15Million record then I have to save them to the db.
The problem is the whole process takes a lot of time! like 10Mins or so!
I tried BulkInsert and BulkSaveChangesAsync and all other solutions that are available there!
even I used Batching!
I want this whole operation takes only 1S or so!
Can you help in this or suggest someting?
btw I'm using EF Core.
You can use durable functions!
Stop using EF Core brand explore options to bulk load data direct to SQL. Mysql has the ability to bulk load a CSV file which is many times faster than using INSERT. Other dbs do too.
Not gonna happen, it would take longer than 1s just to download the data to a file, add deserialization and database and this should take at least 10s of seconds. I would do raw bulk insert from a DataTable without EF, intelligently split the incoming data into fragments by crawling over the incoming stream and deserialize one by one as needed to save memory. If the records are big it might be faster to do 2 rotating DataTables for the bulk insert in parallel, write one to DB while other is deserializing and preparing next batch. It sounds like you are using a massive amount of memory to deserialize all the records, only then start writing to DB, that would be much slower.
@@the-niker The only way you're going to get down to the time you want is to remove all the extraneous handshaking and back and forth. That means bypassing the API and getting the raw data as a CSV, and then importing it using direct LOAD INFILE or whatever your equivalent is. If A wants to talk to B the quickest way is direct. No matter what tricks you use, going A to B via X Y and Z will never be as quick. Good luck.
@@richardclarke376 Yes, ideally you are right, but I am assuming a JSON/XML REST API and not CSV on the API side. If you can get your hand on something native to the database like a CSV, that would be much faster.
Cool feature, but isn't this a potential security risk as well? Wasn't aware of this beforehand, so learned something new today 🙂
No it’s not. If you can’t trust where your app runs then anything is a security risk
As a developer that got the assignment of making sure our codebase have logging this could come in handy. However I just might use it to spam the Primary dev of a solution to get his/her act together and implement logging. Since I've almost done using Roslyn analyzers to go through the codebase and detect this it's not hard to go one step further and creating DevOps tasks for this as pr project and pr Primary/secondary developer.
I'm getting a headache just from thinking about the security implications of this feature
It runs in the same context? What I'm saying is, can I get real concrete objects instantiated in application from this?
Yeap
@@nickchapsas
Very cool really
Wow 😲
Describe Harmony please.
For the dotnetdays, looks like the dates are incorrect on your link. It says 20-21 october instead of April. Am I wrong ?
20-21 was the old event
@@nickchapsas Okay! When will it be updated then?
@@leoravilo2812 I'm not running the event so I don't know
hi
Very interesting stuff I had no idea this hook exists
I feel this can be use wrongly as well. Might me a security risk
where is source code of this
what is that weather.http file?
Jetbrain Rider's api client. You can use that instead of Postman.
@Cesar sneaky drip feed of cool stuff
@@TimmyBraun Thank you. I use VS2022 and postman
@@Cesar-qi2jb there is a rest client extension for those who use vscode
@@ryan-heath yep, I saw it. Thanks!
This feels like a great attack vector for unscrupulous people to target.
People who can’t trust where their code runs have way bigger problems to deal with
@@nickchapsas Help me understand this logic? The same was probably said about Active X in the browser, but we all know how that ended.
As a developer, this ability to "hook" my (malicious) application into anything that runs within the dotnet framework seems ripe for exploitation since it's such a benign vector that almost nobody would ever think to check. If I were to make a recommendation to the dotnet team it would be to only allow for explicit references to hooks by way of some easily editable configuration file. This would at least prevent global execution from occurring.
@@qtxsystems You can "hook" code into any application if you control the medium it runs on. It doesn't matter if it's C#, C++ or Go. The moment you control the runtime environment you control everything.
@@nickchapsas Fair enough. Thanks!
Very cool, but I can also see this being used maliciously.
This workaround can be applied directly to the nuget package without a need to create a bridge. This is better in my opinion if you don’t have many packages.
Just knew it, but it looks like a backdoor to me. Is it documented somewhere, I mean officially.
Yeap it is. And it's not a backdoor. If you can't trust your runtime environment then everything is a backdoor
thanks I hate it
Another way of complicating things, and obfuscate what is actually going on... 😐
I could not make out half the stuff that wsd being said.. Just mumble mumble mumble..
Can you slow down a bit. It's very fast explanation
Thanks